Bonum Certa Men Certa

Perfectl is Not New, It's Not News About Linux, Outdated Apache RocketMQ is Not Linux, and the Real News Should be Back Doors Like Windows and CALEA Blunder

posted by Roy Schestowitz on Oct 16, 2024

Bruce Schneier

Perfectl Malware: At least he did not say Linux

"The malware has been circulating since at least 2021."

What malware?

"Perfectl Malware".

Linux?

No, not really. Really? Yes, really. Not Linux.

We've patiently tracked this FUD for a while now. It has been tracked in this page since the fifth of October (10+ days already and they're not done with their marketing campaign yet).

We were reluctant to write about it as it would give the FUD even more publicity, but now Schneier on Security mentions it, so it's getting more exposure anyway.

As an associate put it: "found on 'many' Linux machines? Really? Never heard of it prior to this..."

So for 3+ years it has been on "many" machines and somehow nobody mentioned it?

Weird.

As per my editorial comments (going over a week back), it seems like a marketing campaign, not research, and in order to properly rebut what this private company (Spamnil did a lot of spam for this company, so you know they're spammers) says we've been checking its claims. "My guess is that the article and others like it," an associate says, "are part of a larger orchestrated smear campaign to disparage FOSS heading into the upcoming decisions regarding computer and network security by US Congress and The White House."

"The articles contain a lot of lies and disinformation, in particular they wrongly assert that "any" Linux system is vulnerable. CUPS is Apple. Apache RocketMQ is not Linux either..."

Schneier says: "Something this complex and impressive implies that a government is behind this. North Korea is the government we know that hacks cryptocurrency in order to fund its operations. But this feels too complex for that. I have no idea how to attribute this."

Don't even go that far. Check what the basis is...

As noted above, it seems like a marketing/FUD campaign.

The AMX-30 is a main battle tank designed by Ateliers de construction d'Issy-les-Moulineaux and first delivered to the French Army in August 1965. The first five tanks were issued to the 501st Régiment de Chars de Combat in August of that year.

"The attribution is to point to the disinformation campaign coming via Redmond," our associate opines. "Maybe it is all a distraction from China (and reading between the lines, Russia) exploiting the CALEA backdoors with impunity for all these years. The same interests which back CALEA hate the idea of a move from Windows because they'd lose their back doors. That China, Russia, and every other country in the world are also in and out of Windows systems like a cheap motel does not matter to them. They only care that they themselves can also get in on demand. That's harder on GNU/Linux and Linux in general for many reasons including but not limited to the lack of a monoculture. tldr; The CALEA breaches have been pushed out of the news cycle prematurely."

A lot of the anti-"Linux" (even when it's not Linux; or even not the fault of Linux) FUD comes at strategic times for Microsoft and sometimes comes directly from Microsoft staff (Xz for instance). It's difficult to ignore the pattern.

"Another theme to be debunked," the associate adds, "amidst the stream of aspersions, insinuations, and disinformation, is the false premise that Microsoft is any kind of authority."

Microsoft is the culprit, not the expert, but it is expert at infiltrating positions of authority, especially in government [1, 2, 3, 4], in order to undermine real security and instead peddle snake-oil and lies.

The associate calls it after-market boondoggles "in place of secure design" and takes note of hours-old "victim blaming" by Microsoft, which "continues into a new decade..." (it says "Microsoft wants tougher punishments for cybercriminals"; how about the holes that facilitate these cybercriminals?)

He further notes that "targeting != breach, unless Windows(tm) is involved" (in which case, the holes are deliberate).

In short, there's some dodgy private company trying to promote itself by trash-talking "Linux" for over 10 days already (many shallow pieces in "the media"). But it's not about Linux, it's about servers that haven't been patched for ages and it's the fault of some outdated programs installed on them. The timing of this FUD (or marketing from this company's perspective) is hard to brush aside.

It's almost like this dodgy private company is attempting to sell something.

The FUD source

Other Recent Techrights' Posts

Today We Got an Early Birthday Gift
Exciting times
[Meme] Going Too Far to the Left Can Breed Militant Ideology
Some people can never be appeased because they prefer not to be appeased
FSF Expressed No Preference Regarding Presidential Candidates (Its Founder Did)
Because he is a principled person, he does not prioritise loyalty to customers or employers (money)
Who Next on the Linux Foundation's 'Kill List'?
Remember that only about 2% of the "Linux" Foundation's budget goes to Linux
Even LKML Subjected to Slop/SPAM by Guardian Digital, Inc (linuxsecurity.com)
They're really awful
What Makes RMS Such an Attractive Target ('Discreditisation' Campaigns)
Don't be so easily fooled
The Biggest OEMs or Vendors of GNU/Linux Stopped Competing With Microsoft (Which Pays Them to Promote Windows, Too)
Where are the competition authorities (or regulators for that matter)?
 
[Meme] When You Discredit People Who Discredit Secret Code
proprietary systems with hundreds of millions of transistors (and hundreds of millions of lines of code)
The High Cost of Making Scepticism of Proprietary Voting Machines a "Trump" and "Conspiracy Theory" Territory
Time to get back to paper? Or read an old paper?
Links 07/11/2024: Online Manipulation in Social Control Media, Election Deniers, and More
Links for the day
Gemini Links 07/11/2024: emacs-guix and File Hoarding
Links for the day
[Meme] Election Day at the European Patent Office
Less than 60 minutes left to cast your vote
Staff Union of the European Patent Office (SUEPO) Election Ending Today
In one hour
[Meme] When the Patent Office Does Illegal Things and Staff Speaks Out
many leaks received today
Apple's Debt Has Skyrocketed While Gimmicks Like Vision Pro Failed
In Apple's case, the debt is almost double the "Cash on Hand", which isn't even cash
A President Trump is Excellent News to Microsoft
His racist policies gave lots of contracts to Microsoft
Links 07/11/2024: Facebook Scams, Journalists on Strike
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, November 06, 2024
IRC logs for Wednesday, November 06, 2024
Microsoft-Connected Publishers Want Us to Think That Linux is Some Sort of a Virus and a "Backdoor"
"The problem is with windows and the attack vector is via Windows"
We've Made it to 18! Here's to Another 18!
Going on for another 18 years means until some time at the end of 2042
Links 07/11/2024: Political Angst and Laptop Issues
Links for the day
Links 06/11/2024: BPF in RFC 9669, More Facebook Fines for Privacy Abuses
Links for the day
Gemini Links 06/11/2024: Political Shock and Hermaic Encouragement
Links for the day
Planet Debian Allows Politics (But It Depends on Your Opinions and Debian's Big Sponsors)
Planet Debian is OK with politics... as long as all your political opinions are the "correct" ones and you add cute animals
Let's Encrypt Falls to a New Low of Only 0.6% of Gemini Capsules Known to Lupa
In Gemini Protocol, certificates for encryption are required, but centralised Certificate Authorities (CAs) aren't needed
Computer-Generator Crap Flooding the Web, the Latest Example About "Linux"
Here's today's example
Links 06/11/2024: Election Disinformation and Legal Actions
Links for the day
Gemini Links 06/11/2024: Stargazing and Death on Hallowe'en
Links for the day
Would You Trust a Liar?
Why lie about the authorship?
Mass Layoffs at Mozilla Announced During US Elections
Maybe nobody will notice?
[Meme] Announcing "Results" Before Everyone Even "Played"
There is a "tech" angle to otherwise political news
US Polls Close in One Minute (Social Control Media Does Not Care, Will Not Wait)
US election results will be known in about 2 days
Concentration and Centralisation Versus Aggregation or Syndication
KDE has a history of burying old sites
Social Control Media, Even Hours Before Polls Have Closed
Has social control media controlled by CPC (TikTok) and the Trumpmobile guy (Musk's "X") done enough to convince people not to even vote (based on presumptive "results", presented a long time before all polls have closed)?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, November 05, 2024
IRC logs for Tuesday, November 05, 2024
Wayland Pains in Community-Led Distros of GNU/Linux
Few people and companies use Wayland; there's hardly any technical or practical reason to choose it
IBM Still Conflating Microsoft With 'Security'
As a meme
Sanctions Cause Fragmentation in Software
some Chinese Linux developers are already subjected to restrictions similar to Russians'
Web Failing With Slop, Even in 'Linux' Sites (LLM Spam)
Add SEO prompting to the mix and the Web becomes a pool of slop, not knowledge
[Meme] State of the World Wide Web and Online Journalism
Technically a failure (DRM) and cannot even get basic things right
Trump's signature policy, building a wall, copied from Irish-Australian student politician
Reprinted with permission from Daniel Pocock
Linus Torvalds' self-deprecating LKML CoC mail linked to Hitler's first writing: Gemlich letter
Reprinted with permission from Daniel Pocock
[Meme] Turning 18 in One Day
just one more day
Birthday Tomorrow
Many cakes and drinks are ready; we're one day away now
The Internet is Failing to Protect Democratic Processes and Human Knowledge
Amplifying lies, rewarding plagiarists
Links 05/11/2024: Criminal Referrals Regarding Patent Trolls and Disinformation About the Election Process (Already)
Links for the day
Gemini Links 05/11/2024: 'App' Needed for Parking, NNCP, Gomphotherium
Links for the day
How Voting Does Not Work
You cannot vote from an "app"
Saving the Planet With Honesty, Transparency, and Sharing (Not Only of Computer Code)
GAFAM is destroying the only habitat humans and other animals have and it'll only get worse
Disinformation About Election Outcomes Even Before Any Election Outcomes (or Election/Voting!)
seeding doubt about election outcomes
Links 05/11/2024: Bluesky and Enshittification, Pugad Baboy, and Lots of Disinformation Flooding the Web
Links for the day
[Meme] Sweaty Under the Belly
"OK, my critics are 'spam'"
Microsoft Bribing Canonical (to Stop Competing) and Bribing Users to Shun the Competition
Canonical is worth shunning
[Meme] The 2024 'Info Bros'
And prehistoric googling
Computers Getting Worse (for the User) Over Time
This is like Windows-ism coming to "Linux" through the hardware
[Meme] How NOT to Vote
Another form of (mostly-unspoken-of) election interference
An LLM Inside a 'Search' Engine Means That Companies Tell You What They Want, Not What Web Pages to Visit
The future of 'googling' things might be as unreliable as using Social Control Media as a source of information
Google's Debt Has Increased and 'Cash on Hand' Fell by 22.27% This Past Year
These are the numbers that the corporate media intentionally leaves out
Against Outsourcing of Sites and E-mail
Software Freedom is great, but it is not enough if you let someone else do it 'for you'
Drew DeVault: People Talking About My Attack Site (Against the Founder of GNU/Linux) is "Spam"
"Spam on sr.ht mailing lists"
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Monday, November 04, 2024
IRC logs for Monday, November 04, 2024
There's a Reason Why Techrights is Turning 18 and Tux Machines Will Turn 20.5 Next Month
I started advocating GNU/Linux when I was a teenager
"Oppose the Fascist"
what the founder of GNU/Linux said
Techrights Has a Long History of Fighting to Expose 'Team Mono' or Microsofters Inside GNOME
Never downplay the malice of Microsoft and its operatives
Halloween, All Saints Day & Swiss citizenship
Reprinted with permission from Daniel Pocock
Gemini Links 05/11/2024: Halloween Over, Intention and Implementation, Bookmark Syncing
Links for the day